suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7

Vulnerabilities (2,100)

• CVE-2025-38701MedSep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data e

• CVE-2025-38700MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized

• CVE-2025-38699HigSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation

• CVE-2025-38698MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures.

• CVE-2025-38697HigSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds realative to the size of the stree. This could happen in a scenario where the

• CVE-2025-38695MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted

• CVE-2025-38694MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be

• CVE-2025-38693MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero

• CVE-2025-38691MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "lay

• CVE-2025-38687MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still ac

• CVE-2025-38685HigSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console

• CVE-2025-38684MedSep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change()

• CVE-2025-38683MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_ba

• CVE-2025-38681MedSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of

• CVE-2025-38680HigSep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function ac

• CVE-2025-38679HigSep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by

• CVE-2025-38730Sep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r

• CVE-2025-38722Sep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descripto

• CVE-2025-38718Sep 4, 2025
  affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1

  In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti

• CVE-2025-38709Sep 4, 2025
  affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1

  In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device